THX Stefan
On 05.04.2017 at 12:11, Wolfgang Bumiller wrote: > applied to both master and stable-4 > > On Tue, Apr 04, 2017 at 04:43:31PM +0200, Thomas Lamprecht wrote: >> From: Stefan Priebe <[email protected]> >> >> This allows us to use management software for files inside of /etc/pve. >> e.g. saltstack which relies on being able to set uid,gid and chmod >> >> Signed-off-by: Thomas Lamprecht <[email protected]> >> Signed-off-by: Stefan Priebe <[email protected]> >> --- >> >> changes v5 -> v6: address Wolfgang's comments: >> * explicitly allow only setting the mode we support, do not mask out >> sgid/suid >> bits >> * use more fitting -EPERM not -EACCES, EACCES is for the case that there are >> access problems on the path traversal to the file, whereas EPERM is for >> access/permission problems for the file itself. >> >> data/src/pmxcfs.c | 38 +++++++++++++++++++++++++++++++++++++- >> 1 file changed, 37 insertions(+), 1 deletion(-) >> >> diff --git a/data/src/pmxcfs.c b/data/src/pmxcfs.c >> index 1b6cbcc..0f09937 100644 >> --- a/data/src/pmxcfs.c >> +++ b/data/src/pmxcfs.c 
>> @@ -186,6 +186,40 @@ ret: >> return ret; >> } >> >> +static int cfs_fuse_chmod(const char *path, mode_t mode) >> +{ >> + int ret = -EPERM; >> + >> + cfs_debug("enter cfs_fuse_chmod %s", path); >> + >> + mode_t allowed_mode = (S_IRUSR | S_IWUSR); >> + if (!path_is_private(path)) >> + allowed_mode |= (S_IRGRP); >> + >> + // allow only setting our supported modes (0600 for priv, 0640 for rest) >> + if (mode == allowed_mode) >> + ret = 0; >> + >> + cfs_debug("leave cfs_fuse_chmod %s (%d) mode: %o", path, ret, >> (int)mode); >> + >> + return ret; >> +} >> + >> +static int cfs_fuse_chown(const char *path, uid_t user, gid_t group) >> +{ >> + int ret = -EPERM; >> + >> + cfs_debug("enter cfs_fuse_chown %s", path); >> + >> + // we get -1 if no change should be made >> + if ((user == 0 || user == -1) && (group == cfs.gid || group == -1)) >> + ret = 0; >> + >> + cfs_debug("leave cfs_fuse_chown %s (%d) (uid: %d; gid: %d)", path, ret, >> user, group); >> + >> + return ret; >> +} >> + >> static int cfs_fuse_mkdir(const char *path, mode_t mode) >> { >> cfs_debug("enter cfs_fuse_mkdir %s", path); >> @@ -488,7 +522,9 @@ static struct fuse_operations fuse_ops = { >> .readlink = cfs_fuse_readlink, >> .utimens = cfs_fuse_utimens, >> .statfs = cfs_fuse_statfs, >> - .init = cfs_fuse_init >> + .init = cfs_fuse_init, >> + .chown = cfs_fuse_chown, >> + .chmod = cfs_fuse_chmod >> }; >> >> static char * >> -- >> 2.11.0 > > _______________________________________________ > pve-devel mailing list > [email protected] > http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel > _______________________________________________ pve-devel mailing list [email protected] http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
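Review bot: In the @@ -186 hunk, the exact comparison `if (mode == allowed_mode)` in cfs_fuse_chmod only succeeds when the callback receives nothing but the nine permission bits, so if the mode argument also carries file-type bits (as st_mode does, e.g. S_IFREG), a request for exactly 0640 or 0600 would be refused with -EPERM. Rejecting suid/sgid/sticky as the v6 changelog intends can be kept by comparing only the permission and special bits, for example `(mode & 07777) == allowed_mode`, with a comment saying which bits are ignored and why. The same check also refuses every mode on directories, since only 0600 and 0640 are accepted; if management tools are expected to manage directories under /etc/pve, that case should be handled or documented. In cfs_fuse_chown, `user == -1` and `group == -1` compare unsigned uid_t/gid_t values against a signed constant; writing `(uid_t)-1` and `(gid_t)-1` makes the "no change" sentinel explicit and avoids sign-compare warnings, and the `%d` in the leave-debug line should match the unsigned types.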
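Review bot: In the @@ -488 hunk, the new last initializer `.chmod = cfs_fuse_chmod` is again left without a trailing comma, which is the reason this patch had to rewrite the unrelated `.init = cfs_fuse_init` line. Ending the last entry of fuse_ops with a comma keeps future additions to a pure one-line `+` and makes the diff easier to audit.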
